Lottery fraud

• Hundred-lotto
• Bank card and payment fraud
• Lotteries (Russian market)

2023: Blocking nearly 10,000 fraudulent resources in a year

The largest distributor state lotteries of all-Russian "" and Hundred-lotto the company, a F.A.C.C.T. Russian developer of technologies to combat, in cybercrimes 2023 discovered and blocked 9,704 fraudulent resources that operated under the guise of popular state lotteries, including illegally using the Stoloto brand. Of these, 8,602 fell on fraudulent sites, 654 on fake posts, accounts and groups in, social networks another 38 on messages in and 409 messengers on false mobile applications, and one mailing address from which phishing the mailing was carried out was also blocked. This was announced on February 8, 2024 by representatives of the F.A.C.C.T.

According to analysts at F.A.C.C.T., the result of many years of joint work between the Stoloto team and cybersecurity specialists was a trend towards a decrease in the number of such fraudulent resources - in the second half of 2023 year there were fewer of them than in the first half of the same year. So, in the first half of 2023, 7,018 fraudulent sites, 252 fake posts, accounts and groups in social networks, 87 fake mobile applications and one mailing address were blocked, and in the second half of 2023, only 1,640 fraudulent sites were discovered and blocked, 470 fake posts, accounts and groups in social networks, as well as 317 fake mobile applications.

In general, in 2023, the number of fraudulent resources that operated under the guise of popular state lotteries and/or illegally used the Stoloto brand decreased by a multiple of 2022 indicators. So, if in 2022 38,470 such fraudulent resources were discovered and blocked, then in 2023 almost 4 times less such resources were identified and neutralized.

Stoloto, together with law enforcement agencies and cybersecurity specialists, continues to carry out increased work against fraudulent groups in the digital space 365 days a year in 24/7 mode. We see that throughout the year, fraudulent activity has declined, reaching its lowest levels in the last three years. This shows that our efforts in the fight against cyber fraudsters are yielding results. In addition, we are constantly working to inform citizens, as this is one of the key tools to prevent fraud. noted Ekaterina Tuton, Deputy General Director of the multidisciplinary holding S8 Capital, which includes Stoloto

Throughout 2023, skam phishing and remained one of the most relevant. cyber threats However, due to the fact that Stoloto is responsible for protecting both its brand and users, according to the results of our joint work, the number of fraudulent resources has decreased multiple times, and the scam scheme with registration on the free service domains freenom has almost completely ceased to exist. And here is a case in point: the more effectively Stoloto fights digital crime, the faster scam groups lose interest in the brand, as they cease to receive stable income from deceiving users. Thus, we not only destroy the digital infrastructure of attackers, but also negate the economic feasibility of their criminal business. commented Stanislav Goncharov, Head of Digital Risk Protection at F.A.C.C.T.

Since 2014, all lotteries in Russia have been state-owned, organized by the Ministry of Finance of the Russian Federation and the Ministry of Sports of the Russian Federation, and they are held under state supervision of the Federal Tax Service of Russia. State lotteries distributed by Stoloto are a significant source of replenishment of budgets at various levels of the Russian Federation in order to finance socially significant objects and events, including measures for the development of physical culture and sports, sports of higher achievements and the training system for the sports reserve.

"Stoloto" and the F.A.C.C.T. recall basic rules to be followed to avoid falling victim to fraudsters:

• never click on suspicious links. Scammers can infect a computer or phone and steal data. It is recommended to use only the official Stoloto application and site;
• if the user has changed the mobile phone number or email address, be sure to inform Stoloto, otherwise there is a risk that the data will get to the new owner;
• When buying tickets online, always check all details of transfers and payments;
• use by antivirus programs.

If the user received a call and introduced themselves as an employee of the state lottery, you need to remember that the representatives of Stoloto:

• do not ask to provide personal data, card number and one-time password from SMS to confirm the financial transaction by phone;
• do not request a code from SMS to cancel alleged fraudulent transactions;
• do not offer to install remote access programs on the computer (TeamViewer, AnyDesk, RMS, RDP, Radmin, Ammyy Admin, AeroAdmin).

Example of fraud:

• Typically, attackers lure victims to their resources through social networks or email mailings. Fraudulent sites that mimic the state lottery distributed by Stoloto offer the user a free "winning" ticket.
• To pick up the "prize," the "winner" is required to pay a commission or fee for transferring a win, indicating personal data on the payment page. So fraudsters receive not only money, but also bank card details and other information that can be sold on the Dark Web.

How to check that the user is on the official Stoloto website:

• Check the URL: the official website starts with "https ://" and has the exact spelling" stoloto.ru. " If Stoloto launches landings for additional projects or promotions, then the links are formed as follows: "название.stoloto.ru." For example, "milliard.stoloto.ru" or "zabava.stoloto.ru."
• Do not click links from untrusted sources such as email or messages. It is better to enter the site address manually in the address bar. browser
• Do not trust the picture: scammers are trying to repeat the official site, reproducing its corporate identity, symbols and logos.

2022: Blocking and more than 38,000 fraudulent resources

Stoloto and Group-IB in 2022 discovered and blocked 38,470 resources that operated under the guise of state lotteries and illegally used the Stoloto brand. Of these, 26,636 fell on fraudulent sites, 10,903 on posts and mailings in instant messengers, 817 on fake posts, accounts and groups in social networks, and another 110 on mobile applications of cybercriminals. Group-IB announced this on January 26, 2023.

According to Group-IB analysts, the total number of detected and blocked fraudulent resources that operated under the guise of state lotteries and illegally used the Stoloto brand increased from 23,685 in 2021 to 38,470 in 2022.

The most active in 2022, scammers acted in messengers. If in 2021 only 17 posts and fraudulent mailings related to lotteries were identified, then in 2022 10,903 were already blocked in messengers. And in social networks, on the contrary, a slight drop was recorded: from 1004 posts, accounts and groups in 2021 to 817 in 2022.

The number of blocked mobile applications disguised as "Stoloto" has significantly increased - 110 against 74 in 2021. The number of neutralised fraudulent sites has also risen from 22,590 in 2021 to 26,636 in 2022. In addition, 4 mail addresses from which phishing mailing was carried out were blocked.

It is quite obvious that the trend towards digitalization and digitalization in all areas of the economy continues to grow. As of January 2023, more than 53% of lottery tickets distributed by Stoloto are sold online. And scammers go to the platforms that users love and use. In 2022, the trend for mailings in instant messengers, which have turned into full-fledged social networks, is obvious and for many are the main source of information. Stoloto, for its part, together with law enforcement agencies and specialists in the field of cybersecurity, as in all previous years, 24/7, 365 days a year continues to strengthen work to combat fraudsters in the digital space. Our cooperation allows us to quickly and effectively combat fraudulent actions in the digital environment, - said Ekaterina Tuton, Deputy General Director of the multidisciplinary holding S8 Capital (S8 Capital) (which includes Stoloto).

In 2022, we recorded a significant increase in online fraud - scams and phishing - and, according to our forecasts, in 2023 this growth will continue, new schemes will appear in the arsenal of attackers, tools, and messengers - along with social networks - will become one of the main places of attack on the victim and channels for the transfer of compromised data, - said Andrey Busargin, Deputy General Director of Group-IB for Digital Risk Protection. - As part of the fight against bench and phishing, we use the Group-IB Digital Risk Protection (DRP) platform, which automatically checks millions of resources for illegal use of the Stoloto brand, analyzes dozens of sources, including domain names, telegram channels and groups on social networks, mobile app stores to block all fraudulent sites and accounts, as well as email addresses seen in phishing mailings. Our cooperation with Stoloto allows us to work effectively to ensure the safety of all participants in state lotteries.

Stoloto and Group-IB recalled the basic rules that should be observed in order not to become a victim of fraudsters:

• never click on suspicious links: scammers can infect a computer or phone and steal data. Use only the official Stoloto application and the stoloto.ru website;
• do not give anyone codes from SMS and push notifications; map data: PIN and CVV codes; personal data;
• when changing a mobile phone number or email address, be sure to inform Stoloto. Otherwise, there is a risk that the data will fall to the new owner;
• When buying tickets online, always check all details of transfers and payments;
• Use antivirus programs.

If you called and introduced yourself as an employee of the state hotel, you need to remember that the representatives of Stoloto:

• do not ask to provide personal data, card number and one-time password from SMS to confirm the financial transaction by phone;
• will not request a code from SMS to cancel as if "committed fraudulent transactions";
• do not offer to install programs on the computer to provide remote access (TeamViewer, AnyDesk, RMS, RDP, Radmin, Ammyy Admin, AeroAdmin).

2021: Blocking tens of thousands of sites copying state lottery resources

On March 29, 2022, the information security company Group-IB announced the blocking of 23,685 resources at the end of 2021, which operated under the guise of popular state lotteries. Of these, 22,590 fell on fraudulent sites, 1021 - fake accounts and groups in social networks, 74 - fake mobile applications, five mail addresses from which phishing mailing was carried out were also identified.

According to Group-IB analysts, the activity of scammers working in the lottery segment increased significantly in the second half of 2021 - scammers intensified during the new waves of the COVID-19 coronavirus and the restrictions imposed. If from January to June 2021 only 7306 fraudulent sites were blocked, then for the period from July to December this figure has already reached 15284. The number of mobile applications disguised as the Stoloto brand also doubled: from 25 applications in the first half of the year to 49 applications in the second half of the year. Large growth was seen among fake pages and social media groups. If in the first six months only 127 such resources were discovered, then in the second half of 2021 - already 894.

One of the trends in 2021 was the use by scammers along with classic phishing and clone sites of "hybrid schemes" - in them, along with traditional phishing, fake mobile applications are involved, as well as correspondence in instant messengers with representatives of "state managers."

The popularity of lotteries is increasing every year, which invariably attracts the attention of scammers and at the same time requires the distributor of public services to pay increased attention to security, "said Andrey Busargin, Deputy General Director of Group-IB for Digital Risk Protection. - Within the framework of our partnership with Stoloto, we analyze dozens of different sources, including domain names, contextual advertising, search results, mobile application stores.